WordPress Plugin Vulnerabilities

LearnPress < 3.2.6.7 - Privilege Escalation

Description

Any authenticated user can change its role to an instructor/teacher and gain access to otherwise restricted data.

Affects Plugins

Plugin icon
learnpress
Fixed in 3.2.6.7

References

CVE
CVE-2020-7916
CVE
CVE-2020-7917

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
6.5 (medium)

Miscellaneous

Verified
No
WPVDB ID
eb68ab2e-c55e-4118-be86-79caf7e60ca6

Timeline

Publicly Published
2020-03-16 (about 5 years ago)
Added
2020-03-16 (about 5 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-12-17
Title
WPLMS < 1.9.9.1 - Unauthenticated Privilege Escalation
Published
2024-04-25
Title
XStore Core <= 5.3.5 - Unauthenticated Privilege Escalation
Published
2024-09-10
Title
WooCommerce Photo Reviews Premium < 1.3.14 - Authentication Bypass to Account Takeover and Privilege Escalation
Published
2025-11-10
Title
TNC Toolbox: Web Performance < 2.0.0 - Unauthenticated Privilege Escalation/cPanel Account Takeover
Published
2026-01-05
Title
Download Manager < 3.3.41 - Unauthenticated Limited Privilege Escalation